PublicDate: 2008-03-04 23:44:00 UTC
Candidate: CVE-2008-1149
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1149
Description: phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies.
Ubuntu-Description:
Notes:
Bugs: https://bugs.launchpad.net/ubuntu/+source/phpmyadmin/+bug/198745
Priority: low
Discovered-by:
Assigned-to: emgent
CVSS:

Patches_phpmyadmin:
upstream_phpmyadmin: released (2.11.5)
dapper_phpmyadmin: released (4:2.8.0.3-1ubuntu0.1)
edgy_phpmyadmin: released (4:2.8.2-0.2ubuntu0.1)
feisty_phpmyadmin: released (4:2.9.1.1-2ubuntu1.2)
gutsy_phpmyadmin: released (4:2.10.3-1ubuntu0.2)
devel_phpmyadmin: released (4:2.11.3-1ubuntu1)